| Guid | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | A unique identifier that is a combination of GUID of selected Scan and Active Directory ObjectGUID of the object. |
| FSName | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | A special unique identifier that is a combination of the Name of the object and the Fully Qualified Domain Name of the Domain. |
| ObjectSid | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Active Directory security identifier of object. (Ldap Display Name: objectSid) |
| Name | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Name of the specified object. (Ldap Display Name: name) |
| IsDomainController | BOOLEAN | N/A | Indicates whether the machine is a Domain Controller server. |
| OperatingSystem | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | The name of the operating system that runs on the computer. (Ldap Display Name: operatingSystem) |
| OperatingSystemVersion | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | The version of the operating system that runs on the computer. (Ldap Display Name: operatingSystemVersion) |
| IsEnabled | BOOLEAN | N/A | Indicates whether the object is enabled. |
| DistinguishedName | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Active Directory distinguished name of the object. (Ldap Display Name: distinguishedName) |
| session_count | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | Indicates the number of sessions on the computer. |
| explicit_localadmin_count | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | Indicates the number of explicit local admins on the computer. |
| IsPrivileged | BOOLEAN | N/A | Indicates that the object is Privileged. |
| IsSMBv202Active | BOOLEAN | N/A | Indicates whether the SMB Version 2.2 is active. |
| IsUnsupported | BOOLEAN | N/A | Indicates whether the computer runs an unsupported/obsolote operating system. |
| IsAdmin | BOOLEAN | N/A | Indicates that the object is Admin. |
| DNSHostName | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Fully qualified domain name of computer as registered in DNS. (Ldap Display Name: dNSHostName) |
| IsSpoolActive | BOOLEAN | N/A | Indicates whether the Spool service is running on the computer. |
| WhenChanged | DATE | SMALLER, LARGER, BETWEEN, EQUAL | The date when this object was last changed. (Ldap Display Name: whenChanged) |
| IsProtected | BOOLEAN | N/A | Indicates that the object is a direct or nested member of the Protected Users group. |
| WhenCreated | DATE | SMALLER, LARGER, BETWEEN, EQUAL | The date when this object was created. (Ldap Display Name: whenCreated) |
| MsDSSupportedEncryptionTypes | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | The encryption algorithms supported by user, computer or trust accounts. The KDC uses this information while generating a service ticket for this account. Services and Computers can automatically update this attribute on their respective accounts in Active Directory, and therefore need write access to this attribute. (LDAP Display Name: msDS-SupportedEncryptionTypes) |
| IsSMBv2v3SignEnabled | BOOLEAN | N/A | Indicates whether the SMB Version 2 and Version 3 protocol signing is enabled. |
| HasLaps | BOOLEAN | N/A | Indicates whether the local administrator account on the computer is managed through LAPS(Local Administrator Password Solution). |
| IPAddress | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | IPV4 Network address of the computer. |
| risk | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | The risk score of the object that calculated based on vulnerability counts and severities. |
| UserAccountControl | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | Flags that control different attributes and behavior of the objects. (Ldap Display Name: userAccountControl) (Field Reference) |
| AllowedtoDelegateSpn | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Contains Service Principal Name definitions in the context of Constrained Delegation. (LDAP Display Name: msDS-AllowedToDelegateTo) |
| SAMAccountName | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | The logon name used to support clients and servers running earlier versions of the operating system, such as Windows NT 4.0, Windows 95, Windows 98, and LAN Manager. (Ldap Display Name: sAMAccountName) |
| DontReqPasswd | BOOLEAN | N/A | Indicates whether the object's password can be blank. |
| DontReqPreauth | BOOLEAN | N/A | Indicates whether the Kerberos Pre-Authentication mechanism was disabled for the object. |
| Cn | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | The name that represents an object. Used to perform searches. (Ldap Display Name: cn) |
| IsSMBv2v3SignRequired | BOOLEAN | N/A | Indicates whether the SMB Version 2 and Version 3 protocol requires signing. |
| HasReversibleEncryption | BOOLEAN | N/A | Indicates whether the object is using reversible encryption instead of hash to keep credentials. |
| IsSMBv210Active | BOOLEAN | N/A | Indicates whether the SMB Version 2.10 is active. |
| SidHistory | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Contains previous SIDs used for the object if the object was moved from another domain. Whenever an object is moved from one domain to another, a new SID is created and that new SID becomes the objectSID. The previous SID is added to the sIDHistory property. (Ldap Display Name: sIDHistory) |
| IsSMBv1Active | BOOLEAN | N/A | Indicates whether the SMB Version 1 is active. |
| PwdLastSet | DATE | SMALLER, LARGER, BETWEEN, EQUAL | The date and time that the password for this account was last changed. If this value is set to 0 and the User-Account-Control attribute does not contain the UF_DONT_EXPIRE_PASSWD flag, then the user must set the password at the next logon. (Ldap Display Name: pwdLastSet) |
| IsUsingDESAlgorithmForHashing | BOOLEAN | N/A | Indicates whether the object is using an insecure DES algorithm in Kerberos protocol. |
| AdminCount | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | Indicates that a given object has had its ACLs changed to a more secure value by the system because it was a member of one of the administrative groups (directly or transitively). (Ldap Display Name: adminCount) |
| LapsExpirationTime | DATE | SMALLER, LARGER, BETWEEN, EQUAL | Stores the password expiration time of LAPS. (Ldap Display Name: ms-Mcs-AdmPwdExpirationTime) |
| LastLogon | DATE | SMALLER, LARGER, BETWEEN, EQUAL | The last time the user logged on. This attribute is not replicated to other Domain Controllers. (Ldap Display Name: lastLogon) |
| HasUnconstrainedDelegation | BOOLEAN | N/A | Indicates whether the Unconstrained Delegation is activated on the object. |
| IsSMBPortOpen | BOOLEAN | N/A | Indicates whether port 445 of the computer is accessible. |
| LogonCount | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | The number of times the account has successfully logged on. This attribute is not replicated to other Domain Controllers. (Ldap Display Name: logonCount) |
| IsSMBv311Active | BOOLEAN | N/A | Indicates whether the SMB Version 3.1 is active. |
| BadPwdCount | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | The number of times the object tried to log on to the account using an incorrect password. (Ldap Display Name: badPwdCount) |
| HasConstrainedDelegation | BOOLEAN | N/A | Indicates whether the Constrained Delegation is activated on the object. |
| IsStealth | BOOLEAN | N/A | Indicates that the object can compromise admin objects with at least one attack path. |
| HasResourceBasedConstrainedDelegation | BOOLEAN | N/A | Indicates whether the Resource Based Constrained Delegation is activated on the object. |
| IsSMBv300Active | BOOLEAN | N/A | Indicates whether the SMB Version 3 is active. |
| group_delegated_localadmin_count | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | Indicates that the object has group delegated local admin privilege on how many computers. |
| PrimaryGroupID | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Contains the relative identifier (RID) for the primary group of the object. (Ldap Display Name: primaryGroupID) |
| IsSMBv302Active | BOOLEAN | N/A | Indicates whether the SMB Version 3.2 is active. |
| LastLogonTimestamp | DATE | SMALLER, LARGER, BETWEEN, EQUAL | The time that the user last logged into the domain. This attribute is replicated to other Domain Controllers but not updated until after 14 (msDS-LogonTimeSyncInterval) days. (Ldap Display Name: lastLogonTimestamp) |
| SAMAccountType | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | Specifies the account type of the security principal objects in Active Directory. (LDAP Display Name: sAMAccountType) (Field Reference) |
| IsLocalAdmin | BOOLEAN | N/A | Indicates that the object is a member (direct or nested) of a local administrators group in at least one computer. |
| HasProtocolTransition | BOOLEAN | N/A | Indicates whether the Constrained Delegation with Protocol transition is activated on the object. |
| IsSMBv1SignRequired | BOOLEAN | N/A | Indicates whether the SMB Version 1 protocol requires signing. |
| DisplayName | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | The display name for an object. This is usually the combination of the users first name, middle initial, and last name. (LDAP Display Name: displayName) |
| IsWindowsOS | BOOLEAN | N/A | Determines whether the current operating system is a version of Microsoft Windows. It returns true if the OS is Windows, otherwise false. |
| IsWindowsServer | BOOLEAN | N/A | Checks if the operating system is a Windows Server edition. It returns true if the OS is a Windows Server, otherwise false. |
| IsWSUServer | BOOLEAN | N/A | Checks if the machine is configured as a Windows Server Update Services (WSUS) server. Returns true if it is a WSUS server, otherwise false. |
| HTTPUpdateService | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Handles application updates by communicating with a remote server over HTTP. It fetches version information, compares it with the application's current version, and initiates the update process if necessary. |
| IsInactive | BOOLEAN | N/A | Indicates whether a computer has been enabled but unused (no logon) for a period longer than the defined inactivity threshold |
| ServicePrincipalName | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | These SPN entries indicate that the computer has Kerberos service identifiers registered for both its hostname and fully qualified domain name under the HOST and RestrictedKrbHost service classes, allowing it to securely participate in Kerberos authentication. |
| MsDsCreatorSid | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Represents the security identifier (SID) of the account that originally created the Active Directory object, retrieved in binary form and converted to a readable SID string. |
| Description | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Description text to display for an object. (Ldap Display Name: description) |
| SmbShares | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Shared folders or printers on a network using the SMB (Server Message Block) protocol for file and resource sharing. |
| ExposurePoint | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | ExposurePoint: A numerical value indicating the level of risk or exposure. |